The bootrom also goes by the name "iBoot." The list of bootroms can be found on their own page.

Extract and Disassemble

To extract the bootloader and disassemble it in IDA, follow these steps:

Obtain the bootloader from the IPSW. The file is in the Firmware/all_flash subdirectory, e.g. Firmware/all_flash/all_flash.n81ap.production/iBoot.n81ap.RELEASE.img3, where "n81ap", "k90", etc. identify the iDevice type.

Run xpwntool with the proper key (from elsewhere in this Wiki).

Make sure the decryption was successful. If it was, you should see the following when you cat (i.e. type) the file:

"iBoot for ...., Copyright 2011, Apple Inc."

Remove the img3 header using dd (skip=1 bs=64) or some other tool. The good stuff starts at offset 0x40 (i.e. 64).

Load in IDA. Set processor to ARM. Rebase program (Edit→Segments→Rebase Program) to 0x5FF00000 (for iBoot in iOS 5). You should see something like:
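The decryption check and header removal from the steps above, as an added Python example that is not part of the original page: rather than hard-coding 0x40, it walks the img3 tags to the DATA payload and refuses output that lacks the "iBoot for" banner. It assumes the usual img3 layout (20-byte header, then tags with 12-byte headers) and that the decrypted file still carries the container; the sample image and the function names are constructed for illustration.

```python
import struct

IMG3_MAGIC = b"3gmI"   # "Img3" as stored on disk (little-endian 32-bit value)
DATA_MAGIC = b"ATAD"   # "DATA" tag, same byte order
BANNER = b"iBoot for"  # string the page says is visible once decryption worked


def find_data_payload(blob):
    """Walk the img3 tags and return (offset, length) of the DATA payload."""
    if len(blob) < 20 or blob[:4] != IMG3_MAGIC:
        raise ValueError("not an img3 container")
    pos = 20  # header: magic, fullSize, sizeNoPack, sigCheckArea, ident
    while pos + 12 <= len(blob):
        magic, total_len, data_len = struct.unpack_from("<4sII", blob, pos)
        # Reject lengths that would loop forever or run past the file.
        if total_len < 12 or data_len > total_len - 12 or pos + total_len > len(blob):
            raise ValueError("corrupt tag at offset %#x" % pos)
        if magic == DATA_MAGIC:
            return pos + 12, data_len
        pos += total_len
    raise ValueError("no DATA tag found")


def extract_iboot(blob):
    """Return (offset, payload); refuse output that does not look decrypted."""
    off, length = find_data_payload(blob)
    payload = blob[off:off + length]
    if BANNER not in payload:
        raise ValueError("banner missing: wrong key/IV or still encrypted")
    return off, payload


def build_sample(payload):
    """Constructed img3 file: 20-byte header, 32-byte TYPE tag, DATA tag."""
    type_tag = struct.pack("<4sII4s", b"EPYT", 32, 4, b"tobi").ljust(32, b"\0")
    data_tag = struct.pack("<4sII", DATA_MAGIC, 12 + len(payload), len(payload)) + payload
    body = type_tag + data_tag
    header = struct.pack("<4sIII4s", IMG3_MAGIC, 20 + len(body), len(body), 0, b"tobi")
    return header + body


if __name__ == "__main__":
    sample = build_sample(b"\x0e\x00\x00\xea" * 4 + b"iBoot for n81ap, Copyright 2011, Apple Inc.\0")
    offset, image = extract_iboot(sample)
    print("payload starts at %#x, %d bytes" % (offset, len(image)))
```

With a 32-byte first tag, as in the constructed sample, the payload offset comes out at 0x40, the value the dd step uses.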

On 1st February, 2014, iH8sn0w found a very powerful iBoot exploit that allows any iDevice with an A5 or A5X chip to be jailbroken, regardless of the iOS version. He used it mainly to grab AES decryption keys. However, according to this tweet from winocm, the exploit will never go public. Once he cleans it up a bit, the decryption keys will be available here.
He mentioned here that it will work on A6 and A7 chips soon, but it will require some minor modifications.

Commands used as an exploit vector

diags: Until 2.0 beta 6, the diags command would jump to code at the address provided to it. For example, if you sent "diags 0x9000000", it would directly jump to the code at 0x9000000. There is now a check that only allows engineering devices to utilize this backdoor.

arm7_go: For firmware 2.1.1, the iPod touch 2G iBoot contains the ARM7 Go command, which could be used to run a payload on the ARM7 in the device.

OpeniBoot

There is an open source version of iBoot designed so that custom kernels can be run on the iPhone/iPod/iPad. You can check out the source here. It is VERY useful if you are ever reversing iBoot and do not feel like finding out what certain hardware registers are yourself.
OpeniBoot currently supports all S5L8900, S5L8720, S5L8920 and S5L8930 devices. More info can be found about OpeniBoot and Linux on these devices on the iDroid-Project website.